When your cloud assets are breached by a virus ….
Scenario 1 (old school):
- Future impact: Zero
- Cost: One time
Scenario 2 (most businesses and product teams):
- Future impact: High and frequent
- Cost: Ongoing
Posted in Compliance
After decades of making passwords harder and harder to manage, while every security professional and data scientist could show you that this did not make account credentials more secure, NIST recently published its four-volume SP 800-63-3 Digital Identity Guidelines, which makes it official.
This is a brave release and the first step toward private industry taking the lead in product innovation, customer experience, and everyday computing system usage around authentication and authorization. NIST makes three important suggestions when it comes to passwords:
Bruce Schneier highlighted these three bullets, and an excellent discussion is taking place in the comments. I recommend that developers, security professionals, and businesses review this guidance from NIST and make the right choices! Source: Changes in Password Best Practices – Schneier on Security
Posted in Compliance
Playing with some projects at the intersection of human expression and the state of affairs in hobbies. Explored natural speech and sentiment analysis. Worthwhile to anyone interested in parsing large volumes of consumer experiences.
The applications to cybersecurity are immense. I look forward to sharing my experiences and open source adventures.
Analyze text using ML to extract relevant entities, understand the overall sentiment, identify parts of speech and create dependency parse trees.
Posted in Compliance
Interesting paper demonstrating a threat vector from replacement parts to consumer electronic devices (and just as easily commercial or industrial ones). The paper shows that ‘attacks by malicious peripherals are feasible, scalable, and invisible to most detection techniques.’ The authors demonstrate several use cases and prove the effectiveness of the technique.
Product cybersecurity extends well beyond the development and operations life cycle of a product, and clearly must cover the maintenance phase too. The greatest challenge will be the attractiveness of non-branded third-party parts, given their cost savings and lack of IP protection. Other ideas and thoughts?
Posted in Compliance
One of my favorite snapshots of the current state of product development team work patterns, habits, and cultures. Download it; it is free and THE source for catching the pulse and benefits of DevOps.
Here are a few things you’ll learn in this year’s report:
Source: 2017 State of DevOps Report, presented by Puppet and DORA
Posted in Compliance